From 9594979caf775dc4062850044715b804d1fda60c Mon Sep 17 00:00:00 2001 From: lloyd Date: Wed, 28 Mar 2012 23:35:36 +0000 Subject: Kill off the quite vestigal pubkey_enums header. Move most of the code to key_constraints.{h,cpp} in cert/x509. Move the X509_Encoding enum to x509_key.h Constify argument to X509_Object::check_signature, accidental ommision
---
src/cert/cvc/signed_obj.h | 2 +- src/cert/x509/key_constraint.cpp | 69 ++++++++++++++++++++++++++++++++++++++++ src/cert/x509/key_constraint.h | 57 +++++++++++++++++++++++++++++++++ src/cert/x509/pkcs10.h | 1 + src/cert/x509/x509_ca.cpp | 3 +- src/cert/x509/x509_obj.cpp | 6 ++-- src/cert/x509/x509_obj.h | 6 ++-- src/cert/x509/x509cert.h | 2 +- src/pubkey/info.txt | 2 -- src/pubkey/pubkey_enums.cpp | 42 ------------------------ src/pubkey/pubkey_enums.h | 51 ----------------------------- src/pubkey/x509_key.cpp | 26 --------------- src/pubkey/x509_key.h | 18 +++-------- 13 files changed, 142 insertions(+), 143 deletions(-) create mode 100644 src/cert/x509/key_constraint.cpp create mode 100644 src/cert/x509/key_constraint.h delete mode 100644 src/pubkey/pubkey_enums.cpp delete mode 100644 src/pubkey/pubkey_enums.h
diff --git a/src/cert/cvc/signed_obj.h b/src/cert/cvc/signed_obj.h
index 0c0fb30af..20f0e7b14 100644
--- a/src/cert/cvc/signed_obj.h
+++ b/src/cert/cvc/signed_obj.h
@@ -10,7 +10,7 @@ #define BOTAN_EAC_SIGNED_OBJECT_H__ #include -#include +#include #include #include
diff --git a/src/cert/x509/key_constraint.cpp b/src/cert/x509/key_constraint.cpp
new file mode 100644
index 000000000..8a4b3deb3
--- /dev/null
+++ b/src/cert/x509/key_constraint.cpp
@@ -0,0 +1,69 @@
+/*
+* KeyUsage
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include
+#include
+#include
+
+namespace Botan {
+
+namespace BER {
+
+/*
+* Decode a BER encoded KeyUsage
+*/
+void decode(BER_Decoder& source, Key_Constraints& key_usage)
+ {
+ BER_Object obj = source.get_next_object();
+
+ if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
+ throw BER_Bad_Tag("Bad tag for usage constraint",
+ obj.type_tag, obj.class_tag);
+ if(obj.value.size() != 2 && obj.value.size() != 3)
+ throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
+ if(obj.value[0] >= 8)
+ throw BER_Decoding_Error("Invalid unused bits in usage constraint");
+
+ const byte mask = (0xFF << obj.value[0]);
+ obj.value[obj.value.size()-1] &= mask;
+
+ u16bit usage = 0;
+ for(size_t j = 1; j != obj.value.size(); ++j)
+ usage = (obj.value[j] << 8) | usage;
+
+ key_usage = Key_Constraints(usage);
+ }
+
+}
+
+/*
+* Find the allowable key constraints
+*/
+Key_Constraints find_constraints(const Public_Key& pub_key,
+ Key_Constraints limits)
+ {
+ const std::string name = pub_key.algo_name();
+
+ size_t constraints = 0;
+
+ if(name == "DH" || name == "ECDH")
+ constraints |= KEY_AGREEMENT;
+
+ if(name == "RSA" || name == "ElGamal")
+ constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
+
+ if(name == "RSA" || name == "RW" || name == "NR" ||
+ name == "DSA" || name == "ECDSA")
+ constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION;
+
+ if(limits)
+ constraints &= limits;
+
+ return Key_Constraints(constraints);
+ }
+
+}
diff --git a/src/cert/x509/key_constraint.h b/src/cert/x509/key_constraint.h
new file mode 100644
index 000000000..2c9b3778b
--- /dev/null
+++ b/src/cert/x509/key_constraint.h
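Review bot: In `BER::decode` the accumulation loop `usage = (obj.value[j] << 8) | usage;` shifts every content octet by 8, so when the BIT STRING carries two content octets the second one is OR-ed into the high byte and the low byte of `usage` is never populated. With the enum values declared in key_constraint.h, a KeyUsage that asserts only DECIPHER_ONLY (128) would decode as DIGITAL_SIGNATURE (32768), which matters wherever key usage is enforced. The code is moved here unchanged from pubkey_enums.cpp, but the move is a good moment to fix it, e.g. `usage |= u16bit(obj.value[j]) << (8 * (2 - j));`. A decoder test with a two-octet KeyUsage value would pin the behaviour.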
@@ -0,0 +1,57 @@
+/*
+* Enumerations
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_ENUMS_H__
+#define BOTAN_ENUMS_H__
+
+#include
+
+namespace Botan {
+
+/**
+* X.509v3 Key Constraints.
+*/
+enum Key_Constraints {
+ NO_CONSTRAINTS = 0,
+ DIGITAL_SIGNATURE = 32768,
+ NON_REPUDIATION = 16384,
+ KEY_ENCIPHERMENT = 8192,
+ DATA_ENCIPHERMENT = 4096,
+ KEY_AGREEMENT = 2048,
+ KEY_CERT_SIGN = 1024,
+ CRL_SIGN = 512,
+ ENCIPHER_ONLY = 256,
+ DECIPHER_ONLY = 128
+};
+
+class Public_Key;
+
+/**
+* Create the key constraints for a specific public key.
+* @param pub_key the public key from which the basic set of
+* constraints to be placed in the return value is derived
+* @param limits additional limits that will be incorporated into the
+* return value
+* @return combination of key type specific constraints and
+* additional limits
+*/
+
+BOTAN_DLL Key_Constraints find_constraints(const Public_Key& pub_key,
+ Key_Constraints limits);
+
+/**
+* BER Decoding Function for key constraints
+*/
+namespace BER {
+
+void BOTAN_DLL decode(BER_Decoder&, Key_Constraints&);
+
+}
+
+}
+
+#endif
diff --git a/src/cert/x509/pkcs10.h b/src/cert/x509/pkcs10.h
index bd01fb6b5..065dfbdc0 100644
--- a/src/cert/x509/pkcs10.h
+++ b/src/cert/x509/pkcs10.h
@@ -12,6 +12,7 @@ #include #include #include +#include #include namespace Botan {
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 40f2e3b3a..77e066533 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include
@@ -57,7 +58,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, else { std::auto_ptr key(req.subject_public_key()); - constraints = X509::find_constraints(*key, req.constraints()); + constraints = find_constraints(*key, req.constraints()); } Extensions extensions;
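Review bot: The new header keeps the old include guard `BOTAN_ENUMS_H__` and the banner comment `Enumerations`, neither of which matches key_constraint.h any more. If a stale installed copy of pubkey_enums.h is still reachable on an include path, the shared guard would silently suppress whichever of the two headers is included second. I would rename the guard to something file-specific such as `BOTAN_KEY_CONSTRAINT_H__` and update the banner to name the key constraint declarations.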
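Review bot: In the second x509_ca.cpp hunk, `find_constraints(*key, req.constraints())` can return NO_CONSTRAINTS (0) when the requested limits share no bit with what the algorithm supports, because `constraints &= limits` then leaves zero and zero is also the "no constraints" value. A request asking only for KEY_CERT_SIGN on an RSA key would be one such case, since find_constraints never sets that bit. How sign_request treats a zero value lies outside the hunk, but if it leads to the KeyUsage extension being omitted, a request for an unsupported usage would produce a certificate with no usage restriction at all. Consider rejecting or explicitly handling an empty intersection when `limits` was non-zero.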
diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp
index c58081225..670bd8da6 100644
--- a/src/cert/x509/x509_obj.cpp
+++ b/src/cert/x509/x509_obj.cpp
@@ -168,16 +168,16 @@ std::string X509_Object::hash_used_for_signature() const /* * Check the signature on an object */ -bool X509_Object::check_signature(Public_Key* pub_key) const +bool X509_Object::check_signature(const Public_Key* pub_key) const { - std::auto_ptr key(pub_key); + std::auto_ptr key(pub_key); return check_signature(*key); } /* * Check the signature on an object */ -bool X509_Object::check_signature(Public_Key& pub_key) const +bool X509_Object::check_signature(const Public_Key& pub_key) const { try { std::vector sig_info =
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index 570b00f51..e46e72ce3 100644
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -10,7 +10,7 @@ #include #include -#include +#include #include #include
@@ -62,7 +62,7 @@ class BOTAN_DLL X509_Object * @param key the public key purportedly used to sign this data * @return true if the signature is valid, otherwise false */ - bool check_signature(class Public_Key& key) const; + bool check_signature(const Public_Key& key) const; /** * Check the signature on this data
@@ -70,7 +70,7 @@ class BOTAN_DLL X509_Object * the pointer will be deleted after use * @return true if the signature is valid, otherwise false */ - bool check_signature(class Public_Key* key) const; + bool check_signature(const Public_Key* key) const; /** * @return BER encoding of this
diff --git a/src/cert/x509/x509cert.h b/src/cert/x509/x509cert.h
index d25b97694..6a4fd6959 100644
--- a/src/cert/x509/x509cert.h
+++ b/src/cert/x509/x509cert.h
@@ -12,7 +12,7 @@ #include #include #include -#include +#include #include namespace Botan {
diff --git a/src/pubkey/info.txt b/src/pubkey/info.txt
index 5f36f63c4..c8e618839 100644
--- a/src/pubkey/info.txt
+++ b/src/pubkey/info.txt
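Review bot: The pointer overload `check_signature(const Public_Key* pub_key)` in x509_obj.cpp still hands its argument to `std::auto_ptr` and therefore deletes it on return, and with the parameter now `const` nothing in the signature tells a caller that ownership is transferred. A caller that passes a key it still owns, or the address of a stack object, ends up with a double free or an invalid delete, and a null argument is dereferenced by `check_signature(*key)`. The x509_obj.h comment does state that the pointer is deleted after use, so the contract is documented but easy to miss. I would add a null guard before the dereference, e.g. `if(!pub_key) return false;`, and consider deprecating this overload in favour of the reference one. The reference overload's body continues outside the hunk.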
@@ -6,7 +6,6 @@ pk_algs.cpp pk_keys.cpp pkcs8.cpp pubkey.cpp -pubkey_enums.cpp workfactor.cpp x509_key.cpp
@@ -17,7 +16,6 @@ pk_keys.h pk_ops.h pkcs8.h pubkey.h -pubkey_enums.h x509_key.h
diff --git a/src/pubkey/pubkey_enums.cpp b/src/pubkey/pubkey_enums.cpp
deleted file mode 100644
index 90d835814..000000000
--- a/src/pubkey/pubkey_enums.cpp
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-* KeyUsage
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include
-#include
-
-namespace Botan {
-
-namespace BER {
-
-/*
-* Decode a BER encoded KeyUsage
-*/
-void decode(BER_Decoder& source, Key_Constraints& key_usage)
- {
- BER_Object obj = source.get_next_object();
-
- if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
- throw BER_Bad_Tag("Bad tag for usage constraint",
- obj.type_tag, obj.class_tag);
- if(obj.value.size() != 2 && obj.value.size() != 3)
- throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
- if(obj.value[0] >= 8)
- throw BER_Decoding_Error("Invalid unused bits in usage constraint");
-
- const byte mask = (0xFF << obj.value[0]);
- obj.value[obj.value.size()-1] &= mask;
-
- u16bit usage = 0;
- for(size_t j = 1; j != obj.value.size(); ++j)
- usage = (obj.value[j] << 8) | usage;
-
- key_usage = Key_Constraints(usage);
- }
-
-}
-
-}
diff --git a/src/pubkey/pubkey_enums.h b/src/pubkey/pubkey_enums.h
deleted file mode 100644
index c64a8493d..000000000
--- a/src/pubkey/pubkey_enums.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-* Enumerations
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ENUMS_H__
-#define BOTAN_ENUMS_H__
-
-#include
-
-namespace Botan {
-
-/**
-* X.509v3 Key Constraints.
-*/
-enum Key_Constraints {
- NO_CONSTRAINTS = 0,
- DIGITAL_SIGNATURE = 32768,
- NON_REPUDIATION = 16384,
- KEY_ENCIPHERMENT = 8192,
- DATA_ENCIPHERMENT = 4096,
- KEY_AGREEMENT = 2048,
- KEY_CERT_SIGN = 1024,
- CRL_SIGN = 512,
- ENCIPHER_ONLY = 256,
- DECIPHER_ONLY = 128
-};
-
-/**
-* BER Decoding Function for key constraints
-*/
-namespace BER {
-
-void BOTAN_DLL decode(BER_Decoder&, Key_Constraints&);
-
-}
-
-/*
-* Various Other Enumerations
-*/
-
-/**
-* The two types of X509 encoding supported by Botan.
-*/
-enum X509_Encoding { RAW_BER, PEM };
-
-}
-
-#endif
diff --git a/src/pubkey/x509_key.cpp b/src/pubkey/x509_key.cpp
index 4714b1285..c55f37d94 100644
--- a/src/pubkey/x509_key.cpp
+++ b/src/pubkey/x509_key.cpp
@@ -107,32 +107,6 @@ Public_Key* copy_key(const Public_Key& key) return X509::load_key(source); } -/* -* Find the allowable key constraints -*/ -Key_Constraints find_constraints(const Public_Key& pub_key, - Key_Constraints limits) - { - const std::string name = pub_key.algo_name(); - - size_t constraints = 0; - - if(name == "DH" || name == "ECDH") - constraints |= KEY_AGREEMENT; - - if(name == "RSA" || name == "ElGamal") - constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT; - - if(name == "RSA" || name == "RW" || name == "NR" || - name == "DSA" || name == "ECDSA") - constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION; - - if(limits) - constraints &= limits; - - return Key_Constraints(constraints); - } - } }
diff --git a/src/pubkey/x509_key.h b/src/pubkey/x509_key.h
index 3fdee8cde..13ad7e635 100644
--- a/src/pubkey/x509_key.h
+++ b/src/pubkey/x509_key.h
@@ -10,12 +10,16 @@ #include #include -#include #include #include namespace Botan { +/** +* The two types of X509 encoding supported by Botan. +*/ +enum X509_Encoding { RAW_BER, PEM }; + /** * This namespace contains functions for handling X.509 public keys */
@@ -63,18 +67,6 @@ BOTAN_DLL Public_Key* load_key(const MemoryRegion& enc); */ BOTAN_DLL Public_Key* copy_key(const Public_Key& key); -/** -* Create the key constraints for a specific public key. -* @param pub_key the public key from which the basic set of -* constraints to be placed in the return value is derived -* @param limits additional limits that will be incorporated into the -* return value -* @return combination of key type specific constraints and -* additional limits -*/ -BOTAN_DLL Key_Constraints find_constraints(const Public_Key& pub_key, - Key_Constraints limits); - /** * Encode a key into a pipe. * @deprecated Use PEM_encode or BER_encode instead -- cgit v1.2.3